<!DOCTYPE html>
<html lang="zh_cn">
<head>
          <title>来玩魔王的咚</title>
        <meta name="viewport" content="width=device-width, initial-scale=1" />
        <meta charset="utf-8" />
        <!-- twitter card metadata -->
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="/images/mowang.png">
<meta name="twitter:site" content="">
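<meta name="twitter:title" content="Docker Networking">
<meta name="twitter:description" content="<p>Container network virtualization basics: sharing network namespaces, the four container network types; configuring container networking: the network parameter, hostname and domain name, search domain, port mapping, joined networking; open networking: firewall issues; modifying the default network; creating a custom network: settings of the default bridge network; managing docker remotely: setting environment variables on the client</p>">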
        <!-- OG Tags -->
<meta property="og:url" content="/docker-network.html"/>
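<meta property="og:title" content="来玩魔王的咚 | Docker Networking" />
<meta property="og:description" content="<p>Container network virtualization basics: sharing network namespaces, the four container network types; configuring container networking: the network parameter, hostname and domain name, search domain, port mapping, joined networking; open networking: firewall issues; modifying the default network; creating a custom network: settings of the default bridge network; managing docker remotely: setting environment variables on the client</p>" />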
        <!-- favicon -->
        <link rel="icon" type="image/png" href="/images/mowang.png">
        <!-- moment.js for date formatting -->
        <script src="/theme/js/moment.js"></script>
        <!-- css -->
        <link rel="stylesheet" type="text/css" href="/theme/css/main.css" />
        <!-- Left-hand menu: if the page is not tall enough, the menu scrolls with it; otherwise the article categories are not fully shown -->
        <link rel="stylesheet" type="text/css" href="/theme/css/mycss/menu.css" />
		<script>
			
                /*! grunt-grunticon Stylesheet Loader - v2.1.2 | https://github.com/filamentgroup/grunticon | (c) 2015 Scott Jehl, Filament Group, Inc. | MIT license. */
    
    (function(e){function t(t,n,r,o){"use strict";function a(){for(var e,n=0;u.length>n;n++)u[n].href&&u[n].href.indexOf(t)>-1&&(e=!0);e?i.media=r||"all":setTimeout(a)}var i=e.document.createElement("link"),l=n||e.document.getElementsByTagName("script")[0],u=e.document.styleSheets;return i.rel="stylesheet",i.href=t,i.media="only x",i.onload=o||null,l.parentNode.insertBefore(i,l),a(),i}var n=function(r,o){"use strict";if(r&&3===r.length){var a=e.navigator,i=e.Image,l=!(!document.createElementNS||!document.createElementNS("http://www.w3.org/2000/svg","svg").createSVGRect||!document.implementation.hasFeature("http://www.w3.org/TR/SVG11/feature#Image","1.1")||e.opera&&-1===a.userAgent.indexOf("Chrome")||-1!==a.userAgent.indexOf("Series40")),u=new i;u.onerror=function(){n.method="png",n.href=r[2],t(r[2])},u.onload=function(){var e=1===u.width&&1===u.height,a=r[e&&l?0:e?1:2];n.method=e&&l?"svg":e?"datapng":"png",n.href=a,t(a,null,null,o)},u.src="",document.documentElement.className+=" grunticon"}};n.loadCSS=t,e.grunticon=n})(this);(function(e,t){"use strict";var n=t.document,r="grunticon:",o=function(e){if(n.attachEvent?"complete"===n.readyState:"loading"!==n.readyState)e();else{var t=!1;n.addEventListener("readystatechange",function(){t||(t=!0,e())},!1)}},a=function(e){return t.document.querySelector('link[href$="'+e+'"]')},c=function(e){var t,n,o,a,c,i,u={};if(t=e.sheet,!t)return u;n=t.cssRules?t.cssRules:t.rules;for(var l=0;n.length>l;l++)o=n[l].cssText,a=r+n[l].selectorText,c=o.split(");")[0].match(/US\-ASCII\,([^"']+)/),c&&c[1]&&(i=decodeURIComponent(c[1]),u[a]=i);return u},i=function(e){var t,o,a;o="data-grunticon-embed";for(var c in e)if(a=c.slice(r.length),t=n.querySelectorAll(a+"["+o+"]"),t.length)for(var i=0;t.length>i;i++)t[i].innerHTML=e[c],t[i].style.backgroundImage="none",t[i].removeAttribute(o);return t},u=function(t){"svg"===e.method&&o(function(){i(c(a(e.href))),"function"==typeof 
t&&t()})};e.embedIcons=i,e.getCSS=a,e.getIcons=c,e.ready=o,e.svgLoadedCallback=u,e.embedSVG=u})(grunticon,this);
                
                grunticon(["/theme/css/icons.data.svg.css", "/theme/css/icons.data.png.css", "/theme/css/icons.fallback.css"]);
            </script>
        <noscript><link href="/theme/css/icons.fallback.css" rel="stylesheet"></noscript>
        <!-- menu toggle javascript -->
        <script type="text/javascript">
            document.addEventListener("DOMContentLoaded", initMenu);
            
            function initMenu(){
                var menu = document.getElementById("menu");
                var menulink = document.getElementById("menu-link");
                menulink.addEventListener("click", function toggleMenu(){
                        window.event.preventDefault();
                        menulink.classList.toggle('active');
                        menu.classList.toggle('active');              
                    });
            };
        </script>
        <!-- 不蒜子 -->
        <script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>

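    <meta name="description" content="<p>Container network virtualization basics: sharing network namespaces, the four container network types; configuring container networking: the network parameter, hostname and domain name, search domain, port mapping, joined networking; open networking: firewall issues; modifying the default network; creating a custom network: settings of the default bridge network; managing docker remotely: setting environment variables on the client</p>" />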

    <meta name="tags" content="docker" />
  <!-- Override some of the base styles: article pages should be a bit wider, since there is plenty of room on the right -->
  <link rel="stylesheet" type="text/css" href="/theme/css/mycss/article.css" />

</head>
<body>
    <div role="banner" id="masthead">
        <header>
            <a href="/"><img src="/images/mowang.png" alt="McManus Logo"></a>
                <h1>来玩魔王的咚@骑士救兵</h1>
            <a href="#menu" id="menu-link">more stuff</a>
            <nav id="menu">
                <ul>
                        <li><a href="/tags">tags</a></li>
                            <li><a href="/category/cloud.html">Cloud</a></li>
                            <li class="active"><a href="/category/docker.html">Docker</a></li>
                            <li><a href="/category/go.html">Go</a></li>
                            <li><a href="/category/linux.html">Linux</a></li>
                            <li><a href="/category/python.html">Python</a></li>
                            <li><a href="/category/xue-xi-bi-ji.html">Study Notes</a></li>
                            <li><a href="/category/yun-wei-zi-dong-hua.html">Ops Automation</a></li>
                </ul>
            </nav>
        </header>
    </div>
        <div class="page" role="main">
  <div class="article" role="article">
    <article>
        <footer>
            <a name="top"></a>
            <p>
              <time datetime=" 2020-07-22 11:00:00+08:00">
                <script>document.write(moment('2020-07-22 11:00:00+08:00').format('LL'));</script>
              </time>
              ~
              <time datetime=" 2020-07-22 11:00:00+08:00">
                <script>document.write(moment('2020-07-22 11:00:00+08:00').format('LL'));</script>
              </time>
            </p>
        </footer>
        <header>
          <h2>
            Docker Networking
          </h2>
        </header>
      <div class="content">
         <div class="toc">
<ul>
<li><a href="#rong-qi-xu-ni-hua-wang-luo-ji-chu">Container network virtualization basics</a><ul>
<li><a href="#cha-kan-rong-qi-de-wang-luo-xin-xi">Viewing a container's network information</a></li>
<li><a href="#gong-xiang-wang-luo-ming-cheng-kong-jian">Sharing network namespaces</a></li>
<li><a href="#si-zhong-rong-qi-wang-luo-lei-xing">The four container network types</a></li>
</ul>
</li>
<li><a href="#she-ding-rong-qi-wang-luo">Configuring container networking</a><ul>
<li><a href="#network-can-shu">The network parameter</a></li>
<li><a href="#zhu-ji-ming-he-yu-ming">Hostname and domain name</a></li>
<li><a href="#duan-kou-ying-she-p">Port mapping -p</a></li>
</ul>
</li>
<li><a href="#lian-meng-shi-he-kai-fang-shi">Joined and open</a><ul>
<li><a href="#lian-meng-shi-wang-luo">Joined networking</a></li>
<li><a href="#kai-fang-shi-wang-luo">Open networking</a></li>
</ul>
</li>
<li><a href="#xiu-gai-mo-ren-docker-wang-luo">Modifying the default docker network</a><ul>
<li><a href="#mo-ren-de-bridge-wang-luo">The default bridge network</a></li>
<li><a href="#xiu-gai-mo-ren-docker0-qiao">Modifying the default docker0 bridge</a></li>
<li><a href="#chuang-jian-zi-ding-yi-qiao">Creating a custom bridge</a></li>
</ul>
</li>
<li><a href="#yuan-cheng-guan-li-docker">Managing docker remotely</a><ul>
<li><a href="#fu-wu-duan-pei-zhi">Server-side configuration</a></li>
<li><a href="#ke-hu-duan-lian-jie">Client connection</a></li>
</ul>
</li>
</ul>
</div>
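<h3 id="rong-qi-xu-ni-hua-wang-luo-ji-chu"><a class="toclink" href="#rong-qi-xu-ni-hua-wang-luo-ji-chu">Container network virtualization basics</a></h3>
<p>Once docker is installed, it automatically provides 3 networks:</p>
<ul>
<li>bridge: bridged network, a NAT bridge</li>
<li>host: shares the host's network interfaces</li>
<li>none: the container has only the lo interface and no network card</li>
</ul>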
<div class="highlight"><pre><span></span><code>$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
9ac63d7fc6e8        bridge              bridge              <span class="nb">local</span>
b46032ae4b5f        host                host                <span class="nb">local</span>
60f69f2c7987        none                null                <span class="nb">local</span>
$ 
</code></pre></div>

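<h4 id="cha-kan-rong-qi-de-wang-luo-xin-xi"><a class="toclink" href="#cha-kan-rong-qi-de-wang-luo-xin-xi">Viewing a container's network information</a></h4>
<p>The inspect command shows the low-level information of a docker object.<br>
For example, it can show a container's information; the network part looks like this:</p>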
<div class="highlight"><pre><span></span><code><span class="w">            </span><span class="nt">&quot;Networks&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">                </span><span class="nt">&quot;bridge&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;IPAMConfig&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;Links&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;Aliases&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;NetworkID&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;9ac63d7fc6e871eb47e39f9ec4e3fda6a23cb95a906a9ddc6431ed716e000fa1&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;EndpointID&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;c8b64271d3d7ea5a0a8357c51fa5c80d398dbd07ad7e920792ebbaab628cb00d&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;Gateway&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;172.17.0.1&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;IPAddress&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;172.17.0.2&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;IPPrefixLen&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">16</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;IPv6Gateway&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;GlobalIPv6Address&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;GlobalIPv6PrefixLen&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;MacAddress&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;02:42:ac:11:00:02&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">                    </span><span class="nt">&quot;DriverOpts&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="w"></span>
<span class="w">                </span><span class="p">}</span><span class="w"></span>
<span class="w">            </span><span class="p">}</span><span class="w"></span>
</code></pre></div>

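<p>The IP address of the container's internal network interface can be read here.</p>
<h4 id="gong-xiang-wang-luo-ming-cheng-kong-jian"><a class="toclink" href="#gong-xiang-wang-luo-ming-cheng-kong-jian">Sharing network namespaces</a></h4>
<p>Every container has its own independent set of 6 namespaces: Mount, PID, User, UTS, IPC, Network.<br>
There is another scheme in which each container has only its own Mount, PID and User namespaces, while the other 3 (UTS, IPC, Network) are shared. That is, a container has its own isolated namespaces but can also share some of them. Usually only the ones related to network communication are shared: hostname (UTS), inter-process communication (IPC) and network (Network).<br>
This brings a convenience. The containers now share the network interfaces and use the same network, and the lo interface inside each container is the same lo interface. So when one container sends a request to its local lo interface, or to 127.0.0.1, the other containers sharing the network interface can receive it.</p>
<p><strong>Sharing namespaces directly with the host</strong><br>
With the same namespace sharing as above, a container can also share namespaces directly with the host. For a container that shares namespaces with the host, the interfaces inside the container are the host's network interfaces. A change the container makes to the network is a change to the host's network, so this container has the privilege of managing the network.<br>
This is the host type among the network types: the container uses the host's network namespace.</p>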
<h4 id="si-zhong-rong-qi-wang-luo-lei-xing"><a class="toclink" href="#si-zhong-rong-qi-wang-luo-lei-xing">The four container network types</a></h4>
<p>Docker has 4 network models in total:</p>
<ul>
<li>Closed</li>
<li>Bridged</li>
<li>Joined</li>
<li>Open</li>
</ul>
<p><img alt="The four Docker network models" src="/images/docker/03_docker-network-model.png">  </p>
<h5 id="bridged-containers"><a class="toclink" href="#bridged-containers">Bridged containers</a></h5>
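<p>A bridged container usually has two interfaces: a loopback interface and an Ethernet interface connected to a bridge device on the host.<br>
When docker starts, it creates a network bridge named docker0 by default, and the containers it creates are bridged containers whose Ethernet interface is bridged to docker0.<br>
The docker0 bridge is a NAT bridge, so bridged containers can reach external networks through this bridge interface.</p>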
<h5 id="closed-containers"><a class="toclink" href="#closed-containers">Closed containers</a></h5>
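<p>A closed container takes no part in network communication; processes running in it can only access the local loopback interface.<br>
It is suitable only where the process needs no network communication, such as backups, process diagnostics and various offline tasks.</p>
<h5 id="qi-ta-liang-zhong"><a class="toclink" href="#qi-ta-liang-zhong">The other two</a></h5>
<p>That leaves the open and joined types, which are covered separately below.</p>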
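<h3 id="she-ding-rong-qi-wang-luo"><a class="toclink" href="#she-ding-rong-qi-wang-luo">Configuring container networking</a></h3>
<p>When a container is created (run or create), parameters can be used to configure its network.</p>
<h4 id="network-can-shu"><a class="toclink" href="#network-can-shu">The network parameter</a></h4>
<p>The --network parameter specifies the container's network mode. The default value is default, which is bridge mode.</p>
<h5 id="brideg-mo-shi"><a class="toclink" href="#brideg-mo-shi">bridge mode</a></h5>
<p>Start a container normally, without any network parameters:</p>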
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it busybox
/ <span class="c1"># ifconfig</span>
eth0      Link encap:Ethernet  HWaddr <span class="m">02</span>:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1032 <span class="o">(</span><span class="m">1</span>.0 KiB<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

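<p>The container is started in the default network mode. Adding the parameter <code>--network bridge</code> when starting the container has the same effect.</p>
<h5 id="none-mo-shi"><a class="toclink" href="#none-mo-shi">none mode</a></h5>
<p>Use --network none to start a container with no network at all:</p>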
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it --network none busybox
/ <span class="c1"># ifconfig -a</span>
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

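<p>This shows that there is only an lo interface and no other network interface.</p>
<h5 id="qi-ta-wang-luo-mo-shi"><a class="toclink" href="#qi-ta-wang-luo-mo-shi">Other network modes</a></h5>
<p>That leaves host mode and joined networking, which are covered separately. Read on.</p>
<h4 id="zhu-ji-ming-he-yu-ming"><a class="toclink" href="#zhu-ji-ming-he-yu-ming">Hostname and domain name</a></h4>
<p>A service offered on a network is usually not published as a bare IP address but as a hostname or domain name, which is easier to remember and has other conveniences as well. So a Docker container's hostname is also an important network attribute.</p>
<h5 id="zhu-ji-ming"><a class="toclink" href="#zhu-ji-ming">Hostname</a></h5>
<p>A container's hostname is its ID:</p>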
<div class="highlight"><pre><span></span><code>/ <span class="c1"># hostname</span>
6fb514e1fa3b
/ <span class="c1"># </span>
</code></pre></div>

<p>The -h parameter sets the container's hostname when the container is started:</p>
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it -h b1.busybox busybox
/ <span class="c1"># hostname</span>
b1.busybox
/ <span class="c1"># </span>
</code></pre></div>

<h5 id="dns-fu-wu-qi"><a class="toclink" href="#dns-fu-wu-qi">DNS server</a></h5>
<p>First look at the DNS server used by default, which is the gateway's address:</p>
<div class="highlight"><pre><span></span><code>/ <span class="c1"># cat /etc/resolv.conf </span>
<span class="c1"># Generated by NetworkManager</span>
nameserver <span class="m">192</span>.168.1.1
/ <span class="c1"># nslookup -type=a baidu.com</span>
Server:         <span class="m">192</span>.168.1.1
Address:        <span class="m">192</span>.168.1.1:53

Non-authoritative answer:
Name:   baidu.com
Address: <span class="m">220</span>.181.38.148
Name:   baidu.com
Address: <span class="m">123</span>.125.114.144

/ <span class="c1"># </span>
</code></pre></div>

<p>Start a container with a parameter that specifies the DNS server, then check the container's DNS settings:</p>
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it -h b1.busybox --dns <span class="m">223</span>.5.5.5 busybox
/ <span class="c1"># cat /etc/resolv.conf </span>
nameserver <span class="m">223</span>.5.5.5
/ <span class="c1"># </span>
</code></pre></div>

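<h5 id="sou-suo-yu"><a class="toclink" href="#sou-suo-yu">Search domain</a></h5>
<p>There is also the --dns-search parameter, which specifies the search domain.<br>
The search domain is the suffix that is appended automatically when the given name is not in FQDN hostname format:</p>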
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it -h b1.busybox --dns <span class="m">223</span>.5.5.5 --dns-search baidu.com busybox
/ <span class="c1"># cat /etc/resolv.conf </span>
search baidu.com
nameserver <span class="m">223</span>.5.5.5
/ <span class="c1"># nslookup -type=a www</span>
Server:         <span class="m">223</span>.5.5.5
Address:        <span class="m">223</span>.5.5.5:53

Non-authoritative answer:
www.baidu.com   canonical <span class="nv">name</span> <span class="o">=</span> www.a.shifen.com
Name:   www.a.shifen.com
Address: <span class="m">39</span>.156.66.14
Name:   www.a.shifen.com
Address: <span class="m">39</span>.156.66.18

/ <span class="c1"># </span>
</code></pre></div>

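<p>The hostname was given without the full domain suffix, but because a search domain was set, it was completed automatically.</p>
<h5 id="hosts-wen-jian"><a class="toclink" href="#hosts-wen-jian">The hosts file</a></h5>
<p>Besides a DNS server, hostnames can also be managed through the local hosts file:</p>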
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it -h busybox1.idx.net --dns <span class="m">223</span>.5.5.5 --dns-search idx.net busybox
/ <span class="c1"># cat /etc/hosts</span>
<span class="m">127</span>.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
<span class="m">172</span>.17.0.2      busybox1.idx.net busybox1
/ <span class="c1"># </span>
</code></pre></div>

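<p>As shown, the hostname is written into the local hosts file by default. <em>Two names are added here: the first is the full hostname and the second is the hostname with the suffix removed.</em></p>
<p>Parameters can also be used to inject entries into the hosts file:</p>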
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it -h busybox1.idx.net --dns <span class="m">223</span>.5.5.5 --dns-search idx.net --add-host host1.idx.net:192.168.100.1 --add-host host2.idx.net:192.168.100.2 busybox
/ <span class="c1"># cat /etc/hosts </span>
<span class="m">127</span>.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
<span class="m">192</span>.168.100.1   host1.idx.net
<span class="m">192</span>.168.100.2   host2.idx.net
<span class="m">172</span>.17.0.2      busybox1.idx.net busybox1
/ <span class="c1"># </span>
</code></pre></div>

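<p>Records are added in the (host:ip) format. This parameter is a list; for multiple records, pass the parameter multiple times.</p>
<h4 id="duan-kou-ying-she-p"><a class="toclink" href="#duan-kou-ying-she-p">Port mapping -p</a></h4>
<p>docker0 is a NAT bridge, so containers get private network addresses (internal addresses).<br>
Topologically, a container is a host sitting behind the NAT service of the Docker host. If a container needs to provide a service externally, a DNAT rule has to be defined for it on the host.</p>
<h5 id="-p-xuan-xiang-de-shi-yong-ge-shi"><a class="toclink" href="#-p-xuan-xiang-de-shi-yong-ge-shi">Formats of the -p option</a></h5>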
<div class="highlight"><pre><span></span><code>-p &lt;containerPort&gt;
</code></pre></div>

<p>Maps the specified container port to a dynamic port on all addresses of the host.</p>
<div class="highlight"><pre><span></span><code>-p &lt;hostPort&gt;:&lt;containerPort&gt;
</code></pre></div>

<p>Maps container port containerPort to host port hostPort.</p>
<div class="highlight"><pre><span></span><code>-p &lt;ip&gt;::&lt;containerPort&gt;
</code></pre></div>

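<p>Maps the specified container port containerPort to a dynamic port on the specified host ip.<br>
<em>There are two colons in the middle of the command; it is the three-variable form below with the middle variable omitted.</em></p>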
<div class="highlight"><pre><span></span><code>-p &lt;ip&gt;:&lt;hostPort&gt;:&lt;containerPort&gt;
</code></pre></div>

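<p>Maps the specified container port containerPort to port hostPort on the specified host ip.</p>
<p>A dynamic port means a random port; the actual mapping can be checked with the <code>docker port</code> command.</p>
<p>-P (uppercase) maps random host ports to all the network ports the container exposes.<br>
The exposed ports are set when the image is built; the --expose parameter can also be used when starting a container to specify the ports to expose. <em>Only with the -P parameter do the ports to expose need to be specified, either in the image or with --expose. With the -p parameter, the port to map is given explicitly, so it is fine if no exposed port has been set.</em></p>
<p>A protocol can be specified; the default is tcp. udp has to be specified:</p>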
<div class="highlight"><pre><span></span><code>-p 127.0.0.1:5000:5000/udp
</code></pre></div>

<p>The -p parameter can be used multiple times to bind multiple ports.</p>
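<p>The following is an added example, not code from the original article or from Docker: a Python parser for the four <code>-p</code> forms listed above that reports which specs publish a port on every host address rather than on one chosen ip. The names <code>PortMapping</code>, <code>parse_publish</code> and <code>all_address_bindings</code> are made up for this example; it handles IPv4 and the tcp/udp protocols named above, and assumes the daemon's default bind address has not been changed.</p>

```python
import ipaddress
from typing import List, NamedTuple, Optional


class PortMapping(NamedTuple):
    host_ip: Optional[str]    # None: no <ip> in the spec, so all host addresses
    host_port: Optional[int]  # None: dynamic port, shown by `docker port`
    container_port: int
    proto: str

    @property
    def on_all_addresses(self) -> bool:
        """True when the port is reachable through every host address."""
        if self.host_ip is None:
            return True
        return ipaddress.ip_address(self.host_ip).is_unspecified  # 0.0.0.0


def _port(text: str) -> int:
    """Validate a port number written in a -p spec."""
    if not (text.isascii() and text.isdigit()) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid port {text!r}")
    return int(text)


def parse_publish(spec: str) -> PortMapping:
    """Parse one -p value in any of the four forms described above."""
    body, sep, proto = spec.partition("/")
    if sep and not proto:
        raise ValueError(f"empty protocol in {spec!r}")
    proto = proto or "tcp"  # tcp is the default, udp must be written out
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol {proto!r}")

    parts = body.split(":")
    if len(parts) == 1:    # <containerPort>
        return PortMapping(None, None, _port(parts[0]), proto)
    if len(parts) == 2:    # <hostPort>:<containerPort>
        return PortMapping(None, _port(parts[0]), _port(parts[1]), proto)
    if len(parts) == 3:    # <ip>::<containerPort> or <ip>:<hostPort>:<containerPort>
        ip = str(ipaddress.IPv4Address(parts[0]))  # ValueError on a bad address
        host_port = _port(parts[1]) if parts[1] else None
        return PortMapping(ip, host_port, _port(parts[2]), proto)
    raise ValueError(f"unrecognised -p format {spec!r}")


def all_address_bindings(specs: List[str]) -> List[str]:
    """Return the specs that publish their port on all host addresses."""
    return [s for s in specs if parse_publish(s).on_all_addresses]


if __name__ == "__main__":
    # Constructed sample values, one per form from the section above.
    for s in ["80", "8080:80", "192.168.24.170::80", "127.0.0.1:5000:5000/udp"]:
        m = parse_publish(s)
        scope = "ALL host addresses" if m.on_all_addresses else m.host_ip
        print(f"-p {s:<26} -> {m.container_port}/{m.proto} on {scope}, "
              f"host port {m.host_port or 'dynamic'}")
```

<p>Only the two forms that start with <code>&lt;ip&gt;</code> limit where the published port listens; the other two are reachable on every host interface, subject to the host's packet filtering.</p>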
<h5 id="yong-httpd-jing-xiang-ce-shi-duan-kou-ying-she"><a class="toclink" href="#yong-httpd-jing-xiang-ce-shi-duan-kou-ying-she">Testing port mapping with the httpd image</a></h5>
<p>Without port mapping:</p>
<div class="highlight"><pre><span></span><code>$ docker container run -dit --name app1 --rm httpd:alpine 
78e4e42fdd0c33a0410077731d26e418423a27827ab62e83dfe×××bca40f671
$ curl http://172.17.0.2
&lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;/h1&gt;&lt;/body&gt;&lt;/html&gt;
$ curl http://127.0.0.1
curl: <span class="o">(</span><span class="m">7</span><span class="o">)</span> Failed connect to <span class="m">127</span>.0.0.1:80<span class="p">;</span> 拒绝连接
$ 
</code></pre></div>

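<p>Because no port mapping was done, the container can reach external networks through NAT but cannot be reached from them; that is, the container has not exposed any interface to the public network. The host can access the page through the container's private address but not through the host's own interface address, so the page cannot be reached from outside either.</p>
<p>With the -P parameter:</p>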
<div class="highlight"><pre><span></span><code>$ docker container run -dit --name app1 --rm -P httpd:alpine 
fde094cc000be912e68b8f6321f38d97c76cbabb54454da11c65e0aabd90dc1e
$ docker container port app1
<span class="m">80</span>/tcp -&gt; <span class="m">0</span>.0.0.0:32769
$ curl http://127.0.0.1:32769
&lt;html&gt;&lt;body&gt;&lt;h1&gt;It works!&lt;/h1&gt;&lt;/body&gt;&lt;/html&gt;
$
</code></pre></div>

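<p>This time the page can be reached through the host's loopback interface, and a browser pointed at the host's address can reach it too. But the port is random, which is why the port command is needed to look up the randomly assigned port number.</p>
<h3 id="lian-meng-shi-he-kai-fang-shi"><a class="toclink" href="#lian-meng-shi-he-kai-fang-shi">Joined and open</a></h3>
<p>Joined means containers share a network namespace with each other, while open means a container shares the host's network namespace. In principle the two are the same.</p>
<h4 id="lian-meng-shi-wang-luo"><a class="toclink" href="#lian-meng-shi-wang-luo">Joined networking</a></h4>
<p>A joined container is one that uses the network interface of an existing container. The interface is shared by the containers in the group.<br>
Joined containers share the same namespaces with each other: UTS, IPC, Network. The other namespaces remain isolated: Mount, PID, User.<br>
Joined containers can have port conflicts with each other. So this network type is normally used only when programs in several containers need to communicate with each other over the loopback interface, or when the network properties of an existing container are to be monitored.<br>
<em>The section on sharing network namespaces already mentioned this convenience: several containers can communicate with each other over the local loopback interface.</em></p>
<h5 id="qi-dong-di-yi-ge-rong-qi"><a class="toclink" href="#qi-dong-di-yi-ge-rong-qi">Start the first container</a></h5>
<p>Start a container with an interactive terminal:</p>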
<div class="highlight"><pre><span></span><code>$ docker container run --name b1 --rm -it busybox
/ <span class="c1"># ifconfig</span>
eth0      Link encap:Ethernet  HWaddr <span class="m">02</span>:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:516 <span class="o">(</span><span class="m">516</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

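<h5 id="qi-dong-di-er-ge-rong-qi"><a class="toclink" href="#qi-dong-di-er-ge-rong-qi">Start the second container</a></h5>
<p>The previous terminal is occupied, so open another terminal and start the second container, again interactively. This time there is an extra --network parameter, which is what creates the joined container:</p>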
<div class="highlight"><pre><span></span><code>$ docker container run --name b2 --rm -it --network container:b1 busybox
/ <span class="c1"># ifconfig</span>
eth0      Link encap:Ethernet  HWaddr <span class="m">02</span>:42:AC:11:00:02  
          inet addr:172.17.0.2  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 <span class="o">(</span><span class="m">656</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

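<p>The IP and MAC addresses of the two containers show that their network interface is the same one. The effect is like two processes on the same host in the traditional model, except that the containers have more isolation between them.</p>
<h5 id="lian-meng-shi-rong-qi-de-ying-yong-chang-jing"><a class="toclink" href="#lian-meng-shi-rong-qi-de-ying-yong-chang-jing">Use cases for joined containers</a></h5>
<p>A joined container can send a request straight to the local lo interface and the other containers in the group can receive it, just as if the containers in the group were two processes running on the same host.<br>
For example, first there is a bridge-mode container serving static web pages, and requests for dynamic pages are sent to another container for processing.<br>
Now start the second container, the one for dynamic pages. If this container is also in bridge mode, its IP address is obtained dynamically, so the static-page container cannot know which IP address to send requests to. If the two containers use joined networking instead, it can simply send requests to the local lo interface.</p>
<h4 id="kai-fang-shi-wang-luo"><a class="toclink" href="#kai-fang-shi-wang-luo">Open networking</a></h4>
<p>To use open networking, just set the --network parameter to host:</p>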
<div class="highlight"><pre><span></span><code><span class="o">[</span>root@Docker ~<span class="o">]</span><span class="c1"># docker container run --name b3 --rm -it --network host busybox</span>
/ <span class="c1"># ifconfig</span>
docker0   Link encap:Ethernet  HWaddr <span class="m">02</span>:42:3C:BE:06:75  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:3cff:febe:675/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:71 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4773 <span class="o">(</span><span class="m">4</span>.6 KiB<span class="o">)</span>  TX bytes:7313 <span class="o">(</span><span class="m">7</span>.1 KiB<span class="o">)</span>

eth0      Link encap:Ethernet  HWaddr <span class="m">00</span>:15:5D:03:67:56  
          inet addr:192.168.24.170  Bcast:192.168.24.175  Mask:255.255.255.240
          inet6 addr: fe80::4c95:4028:8e1:a795/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:36462 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:42167574 <span class="o">(</span><span class="m">40</span>.2 MiB<span class="o">)</span>  TX bytes:1953899 <span class="o">(</span><span class="m">1</span>.8 MiB<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3777 <span class="o">(</span><span class="m">3</span>.6 KiB<span class="o">)</span>  TX bytes:3777 <span class="o">(</span><span class="m">3</span>.6 KiB<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

<p>Do not exit the terminal; go on and start an httpd inside the container:</p>
<div class="highlight"><pre><span></span><code>/ <span class="c1"># echo &quot;&lt;h1&gt;Hello b3, network host&lt;/h1&gt;&quot; &gt; /var/www/index.html</span>
/ <span class="c1"># httpd -h /var/www/</span>
/ <span class="c1"># netstat -tnl</span>
Active Internet connections <span class="o">(</span>only servers<span class="o">)</span>
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        <span class="m">0</span>      <span class="m">0</span> <span class="m">0</span>.0.0.0:22              <span class="m">0</span>.0.0.0:*               LISTEN      
tcp        <span class="m">0</span>      <span class="m">0</span> <span class="m">127</span>.0.0.1:25            <span class="m">0</span>.0.0.0:*               LISTEN      
tcp        <span class="m">0</span>      <span class="m">0</span> <span class="m">192</span>.168.24.170:10010    <span class="m">0</span>.0.0.0:*               LISTEN      
tcp        <span class="m">0</span>      <span class="m">0</span> :::80                   :::*                    LISTEN      
tcp        <span class="m">0</span>      <span class="m">0</span> :::22                   :::*                    LISTEN      
tcp        <span class="m">0</span>      <span class="m">0</span> ::1:25                  :::*                    LISTEN      
/ <span class="c1"># </span>
</code></pre></div>

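<p>After the httpd service was started, the local listening ports were checked as well; everything is fine.</p>
<h5 id="fang-huo-qiang-wen-ti"><a class="toclink" href="#fang-huo-qiang-wen-ti">Firewall issue</a></h5>
<p>On the host, the web page can be accessed directly:</p>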
<div class="highlight"><pre><span></span><code>$ curl <span class="m">172</span>.17.0.1
&lt;h1&gt;Hello b3, network host&lt;/h1&gt;
$
</code></pre></div>

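<p>But external networks still cannot access it, mainly because of the host's firewall.<br>
Services were published earlier and access worked without problems. That is presumably because the host allows traffic destined for containers by default. This time the host itself is being accessed: although the service is inside a container, the network in use is the host's, so the firewall policy has to be opened.</p>
<p>Temporarily open the http service on the host:</p>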
<div class="highlight"><pre><span></span><code>$ firewall-cmd --add-service<span class="o">=</span>http
success
$ firewall-cmd --list-all
public <span class="o">(</span>active<span class="o">)</span>
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: ssh dhcpv6-client http
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

$
</code></pre></div>

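<p>This is only for a temporary test; after the firewalld service restarts, the setting reverts to what it was, which is very good.</p>
<p>To make it permanent, run the following 2 commands:</p>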
<div class="highlight"><pre><span></span><code>$ firewall-cmd --permanent --add-service<span class="o">=</span>http
$ firewall-cmd --reload
</code></pre></div>

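<p>Once the host firewall policy is opened, a browser can open the page on port 80 of the host.</p>
<h5 id="kai-fang-shi-rong-qi-de-ying-yong-chang-jing"><a class="toclink" href="#kai-fang-shi-rong-qi-de-ying-yong-chang-jing">Use cases for open containers</a></h5>
<p>Deployment is simple and migration is easy. It takes full advantage of containers while still meeting the requirement that the program work on the host, at least in that it provides its service through the host's network interfaces.</p>
<p>Running as an open container is much like running as a process: in both cases multiple processes run on one machine. Processes are already isolated from each other, but with containers the filesystem and users can be isolated as well. Another benefit is easy deployment and migration. System-level management processes that used to run as top-level processes on the host can from now on be run as containers.</p>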
<h3 id="xiu-gai-mo-ren-docker-wang-luo"><a class="toclink" href="#xiu-gai-mo-ren-docker-wang-luo">修改默认docker网络</a></h3>
<p>上一节的内容是使用docker默认创建好的3个网络，容器选择其中一个网络，并在运行容器时对可选的参数进行设置。<br>
本节的内容是不使用默认提供的网络，而是先对网络进行自定义。自定义有两种实现方式，一种是对默认的网络进行修改，还有一种是完全创建一个新的网络。  </p>
<h4 id="mo-ren-de-bridge-wang-luo"><a class="toclink" href="#mo-ren-de-bridge-wang-luo">默认的bridge网络</a></h4>
<p>默认设置，docker使用的是172.17.0.1/16的网络。这个网络的网络类型是bridge，对应的网络名称也是bridge，对应在宿主机上的网卡是docker0。<br>
使用ifconfig命令查看docker0桥的信息：</p>
<div class="highlight"><pre><span></span><code>$ ifconfig
docker0: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">172</span>.17.0.1  netmask <span class="m">255</span>.255.0.0  broadcast <span class="m">172</span>.17.255.255
        inet6 fe80::42:3cff:febe:675  prefixlen <span class="m">64</span>  scopeid 0x20&lt;link&gt;
        ether <span class="m">02</span>:42:3c:be:06:75  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">71</span>  bytes <span class="m">4773</span> <span class="o">(</span><span class="m">4</span>.6 KiB<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">82</span>  bytes <span class="m">7313</span> <span class="o">(</span><span class="m">7</span>.1 KiB<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>
</code></pre></div>

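<p>This default docker0 bridge interface can be modified. Additional bridge networks can also be defined.</p>
<h4 id="xiu-gai-mo-ren-docker0-qiao"><a class="toclink" href="#xiu-gai-mo-ren-docker0-qiao">Modifying the default docker0 bridge</a></h4>
<p>The docker0 bridge is created when the docker daemon starts. It is created automatically from default properties, and it can also be customized by editing the configuration file.<br>
The configuration file is <code>/etc/docker/daemon.json</code>, which was already used when adding the registry mirrors. The main properties are:</p>
<ul>
<li>bip: the IP address and netmask of the docker0 bridge. Docker automatically configures a DHCP service for this network</li>
<li>fixed-cidr: restricts the range of IP addresses assigned to containers</li>
<li>fixed-cidr-v6: the same, for IPv6 addresses</li>
<li>mtu: the largest packet size that can pass through. Usually 1500; it is best left unset, at the default.</li>
<li>default-gateway: the default gateway</li>
<li>default-gateway-v6: the default IPv6 gateway</li>
<li>dns: DNS server addresses; several can be given, as this is an array</li>
</ul>
<p>Example JSON configuration:</p>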
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;bip&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;192.168.10.1/24&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;fixed-cidr&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;192.168.10.128/25&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;fixed-cidr-v6&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2001:db8::/64&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;mtu&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1500</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;default-gateway&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;192.168.1.1&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;default-gateway-v6&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;2001:db8:abcd::89&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;dns&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&quot;114.114.114.114&quot;</span><span class="p">,</span><span class="w"> </span><span class="s2">&quot;223.5.5.5&quot;</span><span class="p">]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>

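<p>The core option is bip (bridge ip), which sets the IP address of the docker0 bridge itself. Customize as needed; it is possible to set only bip and leave everything else at its default. The other options are computed automatically from bip, and some default to the host's network properties.</p>
<h5 id="shi-ji-xiu-gai-ben-ji-de-pei-zhi"><a class="toclink" href="#shi-ji-xiu-gai-ben-ji-de-pei-zhi">Changing the configuration on this machine</a></h5>
<p>The modified configuration file is as follows:</p>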
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;registry-mirrors&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&quot;http://hub-mirror.c.163.com&quot;</span><span class="p">,</span><span class="w"> </span><span class="s2">&quot;https://docker.mirrors.ustc.edu.cn&quot;</span><span class="p">],</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;bip&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;192.168.101.1/24&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;fixed-cidr&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;192.168.101.128/25&quot;</span><span class="p">,</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;dns&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&quot;114.114.114.114&quot;</span><span class="p">,</span><span class="w"> </span><span class="s2">&quot;223.5.5.5&quot;</span><span class="p">]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>

<p>After restarting the service, first look at the docker0 bridge on the host:</p>
<div class="highlight"><pre><span></span><code>$ systemctl restart docker
$ ifconfig
docker0: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.101.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.101.255
        inet6 fe80::42:3cff:febe:675  prefixlen <span class="m">64</span>  scopeid 0x20&lt;link&gt;
        ether <span class="m">02</span>:42:3c:be:06:75  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">81</span>  bytes <span class="m">5445</span> <span class="o">(</span><span class="m">5</span>.3 KiB<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">92</span>  bytes <span class="m">8125</span> <span class="o">(</span><span class="m">7</span>.9 KiB<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>
</code></pre></div>

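<p>The network properties of docker0 have now changed.</p>
<h5 id="xin-jian-rong-qi-cha-kan-wang-luo"><a class="toclink" href="#xin-jian-rong-qi-cha-kan-wang-luo">Creating a container to check the network</a></h5>
<p>Create a container and look at the network properties inside it:</p>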
<div class="highlight"><pre><span></span><code>$ docker container run --name b4 --rm -it busybox
/ <span class="c1"># ifconfig</span>
eth0      Link encap:Ethernet  HWaddr <span class="m">02</span>:42:C0:A8:65:80  
          inet addr:192.168.101.128  Bcast:192.168.101.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:516 <span class="o">(</span><span class="m">516</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># cat /etc/resolv.conf </span>
nameserver <span class="m">114</span>.114.114.114
nameserver <span class="m">223</span>.5.5.5
/ <span class="c1"># exit</span>
$ 
</code></pre></div>

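<p>This confirms that the automatically assigned IP address matches the configured range, and that the DNS server addresses are the custom ones as well.</p>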
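<p>The bip and fixed-cidr values can be checked before the daemon is restarted: the sketch below predicts the address, netmask and broadcast that ifconfig should show for docker0 and reports a fixed-cidr or default-gateway that falls outside the bridge subnet. It is an added example, not code from the original post or from Docker; the function names and the second, deliberately inconsistent configuration are constructed for illustration, and only the IPv4 keys are handled.</p>

```python
import ipaddress
import json


def check_bridge_config(daemon_json):
    """Check the IPv4 docker0 keys of a daemon.json text.

    Returns the predicted bridge layout plus a list of findings.
    """
    cfg = json.loads(daemon_json)
    report = {"bridge_ip": None, "netmask": None, "broadcast": None,
              "container_range": None, "findings": []}
    findings = report["findings"]

    raw_bip = cfg.get("bip")
    if raw_bip is None:
        findings.append("bip is not set, so docker0 keeps the daemon's default address")
        return report
    if "/" not in raw_bip:
        findings.append("bip must be written as address/prefix, e.g. 192.168.101.1/24")
        return report
    try:
        bip = ipaddress.IPv4Interface(raw_bip)
    except ValueError as exc:
        findings.append(f"bip is not a valid IPv4 address/prefix: {exc}")
        return report

    net = bip.network
    report["bridge_ip"] = str(bip.ip)
    report["netmask"] = str(net.netmask)
    report["broadcast"] = str(net.broadcast_address)
    if net.prefixlen < 31 and bip.ip in (net.network_address, net.broadcast_address):
        findings.append(f"bip {bip.ip} is the network or broadcast address of {net}")

    raw_pool = cfg.get("fixed-cidr")
    if raw_pool is not None:
        try:
            pool = ipaddress.IPv4Network(raw_pool, strict=False)
        except ValueError as exc:
            findings.append(f"fixed-cidr is not a valid IPv4 network: {exc}")
        else:
            report["container_range"] = str(pool)
            # The container range has to be a subset of the bridge subnet.
            if not pool.subnet_of(net):
                findings.append(f"fixed-cidr {pool} is not inside the bridge subnet {net}")

    raw_gw = cfg.get("default-gateway")
    if raw_gw is not None:
        try:
            gateway = ipaddress.IPv4Address(raw_gw)
        except ValueError as exc:
            findings.append(f"default-gateway is not a valid IPv4 address: {exc}")
        else:
            if gateway not in net:
                findings.append(f"default-gateway {gateway} is outside the bridge subnet {net}")
    return report


def address_in_range(report, address):
    """True if an observed container address lies inside the fixed-cidr range."""
    if report["container_range"] is None:
        return False
    return ipaddress.IPv4Address(address) in ipaddress.IPv4Network(report["container_range"])


# The network keys of the configuration applied on this page.
PAGE_CONFIG = """{
    "bip": "192.168.101.1/24",
    "fixed-cidr": "192.168.101.128/25",
    "dns": ["114.114.114.114", "223.5.5.5"]
}"""

# Constructed for this example: range and gateway do not match the bridge subnet.
BAD_CONFIG = """{
    "bip": "192.168.101.1/24",
    "fixed-cidr": "192.168.102.128/25",
    "default-gateway": "192.168.1.1"
}"""

if __name__ == "__main__":
    good = check_bridge_config(PAGE_CONFIG)
    print(good)
    # Address that the busybox container b4 received above.
    print("b4 address in range:", address_in_range(good, "192.168.101.128"))
    for finding in check_bridge_config(BAD_CONFIG)["findings"]:
        print("finding:", finding)
```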
<h4 id="chuang-jian-zi-ding-yi-qiao"><a class="toclink" href="#chuang-jian-zi-ding-yi-qiao">Creating a custom bridge</a></h4>
<p>List the existing networks:</p>
<div class="highlight"><pre><span></span><code>$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
8ec74d5bd709        bridge              bridge              <span class="nb">local</span>
d086953087bb        host                host                <span class="nb">local</span>
fa0c7f1fb6ca        none                null                <span class="nb">local</span>
$ 
</code></pre></div>

<h5 id="cha-kan-wang-luo-cha-jian"><a class="toclink" href="#cha-kan-wang-luo-cha-jian">Viewing the network plugins</a></h5>
<p>A short digression first, to see which network types docker supports.<br>
The Plugins part of the docker info output:</p>
<div class="highlight"><pre><span></span><code>$ docker info
Plugins:
 Volume: <span class="nb">local</span>
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
</code></pre></div>

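<p>Among the Network plugins, besides bridge, host and null there are also overlay (overlay network) and macvlan (MAC-based VLAN virtual network); these two network types are not covered here.<br>
When creating a network below, one of these network plugins can be selected with the -d option; the default is bridge.</p>
<h5 id="chuang-jian-wang-luo"><a class="toclink" href="#chuang-jian-wang-luo">Creating a network</a></h5>
<p>Use the <code>docker network create</code> command to create a network:</p>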
<div class="highlight"><pre><span></span><code>$ docker network create -d bridge --subnet <span class="s2">&quot;192.168.111.0/24&quot;</span> mybr1

7128a28bbbf39a6ca483ecad03d5d85c8179507aff66ced73ca8de5233f16fee
<span class="o">[</span>root@Docker ~<span class="o">]</span><span class="c1"># docker network ls</span>
NETWORK ID          NAME                DRIVER              SCOPE
8ec74d5bd709        bridge              bridge              <span class="nb">local</span>
d086953087bb        host                host                <span class="nb">local</span>
7128a28bbbf3        mybr1               bridge              <span class="nb">local</span>
fa0c7f1fb6ca        none                null                <span class="nb">local</span>
<span class="o">[</span>root@Docker ~<span class="o">]</span><span class="c1"># ifconfig</span>
br-7128a28bbbf3: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.111.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.111.255
        ether <span class="m">02</span>:42:1f:ff:fd:5d  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>

docker0: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.101.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.101.255
        inet6 fe80::42:3cff:febe:675  prefixlen <span class="m">64</span>  scopeid 0x20&lt;link&gt;
        ether <span class="m">02</span>:42:3c:be:06:75  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">81</span>  bytes <span class="m">5445</span> <span class="o">(</span><span class="m">5</span>.3 KiB<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">92</span>  bytes <span class="m">8125</span> <span class="o">(</span><span class="m">7</span>.9 KiB<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>
</code></pre></div>

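<p>The -d option can be omitted; the default is bridge.</p>
<p>More options can be listed with --help:</p>
<ul>
<li>--gateway: sets the gateway</li>
<li>--ip-range: equivalent to the fixed-cidr setting; allocates IP addresses from an IP range</li>
<li>--internal: restricts external network access to this network</li>
<li>--ipv6: enables IPv6 networking</li>
<li>--subnet: equivalent to the bip setting; the subnet</li>
</ul>
<h5 id="zhi-ding-wang-ka-de-ming-cheng"><a class="toclink" href="#zhi-ding-wang-ka-de-ming-cheng">Specifying the interface name</a></h5>
<p>In the ifconfig output, the interface name shown is generated automatically from the ID of the docker network.<br>
It can be set explicitly with the -o option when the network is created:</p>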
<div class="highlight"><pre><span></span><code>$ docker network create --subnet <span class="s2">&quot;192.168.112.0/24&quot;</span> -o <span class="s2">&quot;com.docker.network.bridge.name=docker1&quot;</span> mybr2
b8a2639ce1baef83e54b5a0bca5ba6c7bbd2e6b607e62016c930350235bea965
$ ifconfig
br-7128a28bbbf3: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.111.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.111.255
        ether <span class="m">02</span>:42:1f:ff:fd:5d  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>

docker0: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.101.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.101.255
        inet6 fe80::42:3cff:febe:675  prefixlen <span class="m">64</span>  scopeid 0x20&lt;link&gt;
        ether <span class="m">02</span>:42:3c:be:06:75  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">81</span>  bytes <span class="m">5445</span> <span class="o">(</span><span class="m">5</span>.3 KiB<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">92</span>  bytes <span class="m">8125</span> <span class="o">(</span><span class="m">7</span>.9 KiB<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>

docker1: <span class="nv">flags</span><span class="o">=</span><span class="m">4099</span>&lt;UP,BROADCAST,MULTICAST&gt;  mtu <span class="m">1500</span>
        inet <span class="m">192</span>.168.112.1  netmask <span class="m">255</span>.255.255.0  broadcast <span class="m">192</span>.168.112.255
        ether <span class="m">02</span>:42:74:95:cd:0b  txqueuelen <span class="m">0</span>  <span class="o">(</span>Ethernet<span class="o">)</span>
        RX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        RX errors <span class="m">0</span>  dropped <span class="m">0</span>  overruns <span class="m">0</span>  frame <span class="m">0</span>
        TX packets <span class="m">0</span>  bytes <span class="m">0</span> <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>
        TX errors <span class="m">0</span>  dropped <span class="m">0</span> overruns <span class="m">0</span>  carrier <span class="m">0</span>  collisions <span class="m">0</span>
</code></pre></div>

<p>The interface created this time has a much nicer name.</p>
<p>The main -o options are the following:</p>
<table>
<thead>
<tr>
<th>Option</th>
<th>Equivalent</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>com.docker.network.bridge.name</td>
<td>-</td>
<td>Bridge name to use when creating the Linux bridge</td>
</tr>
<tr>
<td>com.docker.network.bridge.enable_ip_masquerade</td>
<td>ip-masq</td>
<td>Enable IP masquerading</td>
</tr>
<tr>
<td>com.docker.network.bridge.enable_icc</td>
<td>icc</td>
<td>Enable or disable inter-container connectivity</td>
</tr>
<tr>
<td>com.docker.network.bridge.host_binding_ipv4</td>
<td>ip</td>
<td>Default IP to bind to when publishing container ports</td>
</tr>
<tr>
<td>com.docker.network.driver.mtu</td>
<td>mtu</td>
<td>Sets the MTU of the container network</td>
</tr>
</tbody>
</table>
<p>Without a networking background this may be hard to follow, but the settings of the default bridge network can serve as a reference:</p>
<div class="highlight"><pre><span></span><code>$ docker network inspect bridge
<span class="o">[</span>
    <span class="o">{</span>
        <span class="s2">&quot;Name&quot;</span>: <span class="s2">&quot;bridge&quot;</span>,
        <span class="s2">&quot;Id&quot;</span>: <span class="s2">&quot;80631c00ea3ece0280c786b90f5157be68fe76c26d52f4d9d870a7f5b59edde1&quot;</span>,
        <span class="s2">&quot;Created&quot;</span>: <span class="s2">&quot;2019-07-21T10:16:03.635792707+08:00&quot;</span>,
        <span class="s2">&quot;Scope&quot;</span>: <span class="s2">&quot;local&quot;</span>,
        <span class="s2">&quot;Driver&quot;</span>: <span class="s2">&quot;bridge&quot;</span>,
        <span class="s2">&quot;EnableIPv6&quot;</span>: false,
        <span class="s2">&quot;IPAM&quot;</span>: <span class="o">{</span>
            <span class="s2">&quot;Driver&quot;</span>: <span class="s2">&quot;default&quot;</span>,
            <span class="s2">&quot;Options&quot;</span>: null,
            <span class="s2">&quot;Config&quot;</span>: <span class="o">[</span>
                <span class="o">{</span>
                    <span class="s2">&quot;Subnet&quot;</span>: <span class="s2">&quot;172.17.0.0/16&quot;</span>,
                    <span class="s2">&quot;Gateway&quot;</span>: <span class="s2">&quot;172.17.0.1&quot;</span>
                <span class="o">}</span>
            <span class="o">]</span>
        <span class="o">}</span>,
        <span class="s2">&quot;Internal&quot;</span>: false,
        <span class="s2">&quot;Attachable&quot;</span>: false,
        <span class="s2">&quot;Ingress&quot;</span>: false,
        <span class="s2">&quot;ConfigFrom&quot;</span>: <span class="o">{</span>
            <span class="s2">&quot;Network&quot;</span>: <span class="s2">&quot;&quot;</span>
        <span class="o">}</span>,
        <span class="s2">&quot;ConfigOnly&quot;</span>: false,
        <span class="s2">&quot;Containers&quot;</span>: <span class="o">{}</span>,
        <span class="s2">&quot;Options&quot;</span>: <span class="o">{</span>
            <span class="s2">&quot;com.docker.network.bridge.default_bridge&quot;</span>: <span class="s2">&quot;true&quot;</span>,
            <span class="s2">&quot;com.docker.network.bridge.enable_icc&quot;</span>: <span class="s2">&quot;true&quot;</span>,
            <span class="s2">&quot;com.docker.network.bridge.enable_ip_masquerade&quot;</span>: <span class="s2">&quot;true&quot;</span>,
            <span class="s2">&quot;com.docker.network.bridge.host_binding_ipv4&quot;</span>: <span class="s2">&quot;0.0.0.0&quot;</span>,
            <span class="s2">&quot;com.docker.network.bridge.name&quot;</span>: <span class="s2">&quot;docker0&quot;</span>,
            <span class="s2">&quot;com.docker.network.driver.mtu&quot;</span>: <span class="s2">&quot;1500&quot;</span>
        <span class="o">}</span>,
        <span class="s2">&quot;Labels&quot;</span>: <span class="o">{}</span>
    <span class="o">}</span>
<span class="o">]</span>
$ 
</code></pre></div>

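<p>This is the information for the default, unmodified bridge. Besides the Options section, the other fields are worth a look as well.</p>
<h5 id="shi-yong-zi-ding-yi-wang-luo"><a class="toclink" href="#shi-yong-zi-ding-yi-wang-luo">Using a custom network</a></h5>
<p>This has already been used earlier. Previously the only networks to choose from were the 3 provided by default (bridge, host and none); now the custom networks just created can be used too.<br>
The <code>docker network ls</code> command lists them; to use one, pass its name (NAME) with the --network option:</p>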
<div class="highlight"><pre><span></span><code>$ docker container run --rm -it --network mybr2 busybox
/ <span class="c1"># ifconfig</span>
eth0      Link encap:Ethernet  HWaddr <span class="m">02</span>:42:C0:A8:70:02  
          inet addr:192.168.112.2  Bcast:192.168.112.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1032 <span class="o">(</span><span class="m">1</span>.0 KiB<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>  TX bytes:0 <span class="o">(</span><span class="m">0</span>.0 B<span class="o">)</span>

/ <span class="c1"># </span>
</code></pre></div>

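<p>The IP address of eth0 inside the container shows that the custom network just created is in use.</p>
<h3 id="yuan-cheng-guan-li-docker"><a class="toclink" href="#yuan-cheng-guan-li-docker">Managing docker remotely</a></h3>
<p>The docker daemon has a client/server architecture and by default listens only on a local UNIX socket file. The file is in the <code>/var/run/</code> directory:</p>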
<div class="highlight"><pre><span></span><code>$ ls /var/run/*.sock
/var/run/docker.sock
$ 
</code></pre></div>

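<p>It can be configured to listen on a TCP port, so that clients on other hosts on the network can connect to the local server.</p>
<h4 id="fu-wu-duan-pei-zhi"><a class="toclink" href="#fu-wu-duan-pei-zhi">Server configuration</a></h4>
<p>On the server, the configuration file has to be changed so that the service listens on a network port.<br>
Add a hosts property to the configuration file <code>/etc/docker/daemon.json</code>:</p>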
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="nt">&quot;hosts&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&quot;tcp://0.0.0.0:2375&quot;</span><span class="p">,</span><span class="w"> </span><span class="s2">&quot;unix:///var/run/docker.sock&quot;</span><span class="p">]</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>

<p>The service must be restarted after the configuration file is changed. The default local UNIX socket file is still kept.</p>
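<p>A listener such as <code>tcp://0.0.0.0:2375</code> accepts API calls without any authentication, so every host that can reach the port has full control of the daemon; the audit below flags such listeners in a daemon.json and accepts one that is bound to a single address with <code>tlsverify</code> enabled. It is an added example, not code from the original post or from Docker: the function names, the severity labels, the certificate paths and the hardened configuration are constructed for illustration, with 192.168.24.170 taken from the host address shown earlier on this page.</p>

```python
import ipaddress
import json
from urllib.parse import urlsplit

WILDCARDS = {"", "0.0.0.0", "::"}


def _is_loopback(host):
    """True for localhost and loopback literals; DNS names count as network-reachable."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_daemon_hosts(daemon_json):
    """Return one finding per risky TCP listener in the 'hosts' list of a daemon.json text."""
    cfg = json.loads(daemon_json)
    # Only tlsverify makes the daemon demand a client certificate signed by its CA.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for listener in cfg.get("hosts", []):
        parts = urlsplit(listener)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local to the host
        host = parts.hostname or ""
        if not client_auth:
            if _is_loopback(host):
                severity = "medium"
                issue = "no client authentication: any local process can control the daemon"
            else:
                severity = "high"
                issue = ("no client authentication: any host that can reach this "
                         "listener has full control of the daemon")
        elif host in WILDCARDS:
            severity = "info"
            issue = "client certificates are required, but the listener is bound to every interface"
        else:
            continue
        findings.append({"listener": listener, "severity": severity, "issue": issue})
    return findings


# The hosts setting shown on this page.
PAGE_CONFIG = """{
    "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}"""

# Constructed hardened variant: one management address, mutual TLS.
# The certificate paths are placeholders.
HARDENED_CONFIG = """{
    "hosts": ["tcp://192.168.24.170:2376", "unix:///var/run/docker.sock"],
    "tlsverify": true,
    "tlscacert": "/etc/docker/certs/ca.pem",
    "tlscert": "/etc/docker/certs/server-cert.pem",
    "tlskey": "/etc/docker/certs/server-key.pem"
}"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit_daemon_hosts(text)
        print(name, "->", results if results else "no findings")
```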
<h4 id="ke-hu-duan-lian-jie"><a class="toclink" href="#ke-hu-duan-lian-jie">Client connection</a></h4>
<p>To connect to a server, the client uses the -H or --host option to specify it.<br>
Running the docker command with no arguments prints the help text:</p>
<div class="highlight"><pre><span></span><code>-H, --host list          Daemon socket<span class="o">(</span>s<span class="o">)</span> to connect to
</code></pre></div>

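<p>The client has so far always been used without this option, which means it connects to the local UNIX socket file by default. With the option, the server to connect to can be specified.<br>
The following uses the -H option, although the server specified is still the local UNIX socket file:</p>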
<div class="highlight"><pre><span></span><code>$ docker -H unix:///var/run/docker.sock network ls
</code></pre></div>

<p>If network listening has been enabled, this works:</p>
<div class="highlight"><pre><span></span><code>$ docker -H <span class="m">127</span>.0.0.1 version
</code></pre></div>

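<p>Both the protocol and the port number can be omitted; the default is TCP port 2375.</p>
<h5 id="bu-neng-zhi-ding-duo-ge-fu-wu-qi"><a class="toclink" href="#bu-neng-zhi-ding-duo-ge-fu-wu-qi">Multiple servers cannot be specified</a></h5>
<p>According to the help text, this option is a list, meaning -H could be given several times to add several servers.<br>
The option is designed that way, but the program logic does not allow it:</p>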
<div class="highlight"><pre><span></span><code>$ docker -H unix:///var/run/docker.sock -H <span class="m">127</span>.0.0.1 images
Please specify only one -H
$ 
</code></pre></div>

<p>Here is the corresponding handler function found in the source code:</p>
<div class="highlight"><pre><span></span><code><span class="kd">func</span><span class="w"> </span><span class="nx">getServerHost</span><span class="p">(</span><span class="nx">hosts</span><span class="w"> </span><span class="p">[]</span><span class="kt">string</span><span class="p">,</span><span class="w"> </span><span class="nx">tlsOptions</span><span class="w"> </span><span class="o">*</span><span class="nx">tlsconfig</span><span class="p">.</span><span class="nx">Options</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="kt">string</span><span class="p">,</span><span class="w"> </span><span class="kt">error</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="kd">var</span><span class="w"> </span><span class="nx">host</span><span class="w"> </span><span class="kt">string</span><span class="w"></span>
<span class="w">    </span><span class="k">switch</span><span class="w"> </span><span class="nb">len</span><span class="p">(</span><span class="nx">hosts</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="mi">0</span><span class="p">:</span><span class="w"></span>
<span class="w">        </span><span class="nx">host</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">os</span><span class="p">.</span><span class="nx">Getenv</span><span class="p">(</span><span class="s">&quot;DOCKER_HOST&quot;</span><span class="p">)</span><span class="w"></span>
<span class="w">    </span><span class="k">case</span><span class="w"> </span><span class="mi">1</span><span class="p">:</span><span class="w"></span>
<span class="w">        </span><span class="nx">host</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nx">hosts</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span><span class="w"></span>
<span class="w">    </span><span class="k">default</span><span class="p">:</span><span class="w"></span>
<span class="w">        </span><span class="k">return</span><span class="w"> </span><span class="s">&quot;&quot;</span><span class="p">,</span><span class="w"> </span><span class="nx">errors</span><span class="p">.</span><span class="nx">New</span><span class="p">(</span><span class="s">&quot;Please specify only one -H&quot;</span><span class="p">)</span><span class="w"></span>
<span class="w">    </span><span class="p">}</span><span class="w"></span>

<span class="w">    </span><span class="k">return</span><span class="w"> </span><span class="nx">dopts</span><span class="p">.</span><span class="nx">ParseHost</span><span class="p">(</span><span class="nx">tlsOptions</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="kc">nil</span><span class="p">,</span><span class="w"> </span><span class="nx">host</span><span class="p">)</span><span class="w"></span>
<span class="p">}</span><span class="w"></span>
</code></pre></div>

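<p>There can only be 0 or 1 values for the option; otherwise an error is returned.</p>
<h5 id="she-zhi-huan-jing-bian-liang"><a class="toclink" href="#she-zhi-huan-jing-bian-liang">Setting the environment variable</a></h5>
<p>Instead of the -H option, the server can also be specified through the DOCKER_HOST environment variable. The advantage is that -H does not have to be added on every connection.<br>
The commands to set and verify it:</p>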
<div class="highlight"><pre><span></span><code>$ <span class="nb">export</span> <span class="nv">DOCKER_HOST</span><span class="o">=</span><span class="s2">&quot;unix:///var/run/docker.sock&quot;</span>
$ <span class="nb">echo</span> <span class="nv">$DOCKER_HOST</span>
unix:///var/run/docker.sock
$ 
</code></pre></div>

<p>The environment variable set here is only temporary and is gone after logging in again. To make it permanent, write it to ~/.bashrc.</p>
      </div>
    </article>
  </div>
<!-- end article -->
                <footer>
                    <p>© <script>document.write(moment().format('YYYY'));</script> 749B</p>
                </footer>
        </div>
</body>
</html>